[NBLUG/talk] FOLLOW-UP: I'm getting ssh scanned! Should I be worried?

E Frank Ball frankb at frankb.us
Mon Oct 18 11:51:28 PDT 2004


On Mon, Oct 18, 2004 at 11:28:36AM -0700, Dave Sisley wrote:
} 
} - In /etc/ssh/sshd_config:
} 
}   - PasswordAuthentication no
}   - AllowUsers [my login]
}   - PermitRootLogin no 
} 
} My only hesitation was that setting up ssh this way would prevent me
} from logging in to my home box from some machine when I hadn't put the
} public key from that remote machine into the authorized_keys2 file of
} my home machine. 

The public key for the machine doesn't matter, only the user, just
accept the new machine key the first time you log in.  If you have your
private key that's all you should need.


} To work around this issue, I figured out a scheme (which you are all
} encouraged to critique).  Since I have shell access at sonic, I just
} set up a key pair between that server and my home box.  So, when I'm
} at school or anywhere else, I can log in to my sonic account with a
} password and then reach my home machine from there.  I also considered
} Frank's suggestion to carry my home key with me on a floppy (or other
} medium), but I knew I would forget to lug it around.

It's poor practice to log in from any public machine.  The shell at
sonic has been compromised more than once and people's logins/passwords
were captured.  Logging into the shell via ssh with a keypair was the
only safe way to login when this happened, and there was no safe way to
login to another system from the shell.

 
} I'd also like to use a non-standard port for ssh, but I've run into
} some confusion; I must be missing something.  I thought that all I
} need to do is edit sshd_config so that the daemon is listening on the
} new port:
} 
} #Port 22
} Port <some really high number, above 1024>
} 
} Now restart sshd.
} 
} Then, when I log in from a remote box, I just need to tell ssh to use
} that new port number:
} 
} ssh -p <really high number> me@my.home.machine
} 
} Unfortunately, I get a 'connection refused' message.  I even tried
} regenerating the keys on the remote box and rebooting my home machine
} (in case some service other than sshd needs restarting).

It seems like that should work, but I never tried it.
I edited /etc/init.d/ssh and set the port there:
/usr/sbin/sshd -p number

Actually I copied the script to ssh-number so I could start
ssh on either port number.

-- 

   E Frank Ball                frankb at frankb.us
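The sshd_config settings quoted above (PasswordAuthentication, AllowUsers, PermitRootLogin, Port) are easy to get wrong by a typo or a duplicate directive that sshd silently ignores. The script below is an added example, not code from either poster: it parses an sshd_config in the keyword/value form sshd uses, reports which of those hardening directives are missing or weak, and reports the port sshd will actually listen on. The sample config embedded in it is constructed for the example; the user name "dave" and port 22222 are placeholders.

```python
"""Audit an OpenSSH sshd_config for the hardening settings discussed above.

Added example (not from the original thread). Assumes the plain
"Keyword value" / "Keyword=value" syntax; Match blocks are not handled.
"""
import re

# Constructed sample sshd_config; the user name and port are placeholders.
SAMPLE_CONFIG = """\
# sample sshd_config (constructed for this example)
#Port 22
Port 22222
PasswordAuthentication no
AllowUsers dave
PermitRootLogin no
"""

# keyword (lower-case) -> (value we want, what the weaker setting permits)
EXPECTED = {
    "passwordauthentication": ("no", "password guessing by ssh scanners"),
    "permitrootlogin": ("no", "login attempts directly against root"),
}


def parse_sshd_config(text):
    """Return {keyword_lower: value} for the uncommented directives in text.

    sshd honours the FIRST occurrence of a keyword and ignores later
    duplicates, so a second 'Port' line further down never takes effect;
    setdefault() reproduces that rule. Keywords are case-insensitive.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue  # keyword with no value: let sshd complain about it
        key, value = parts[0].lower(), parts[1].strip()
        settings.setdefault(key, value)
    return settings


def listen_port(settings):
    """Port sshd will bind; OpenSSH falls back to 22 when Port is unset."""
    return int(settings.get("port", "22"))


def audit(settings):
    """Return a list of findings (empty list means every check passed)."""
    findings = []
    for key, (want, why) in EXPECTED.items():
        have = settings.get(key)
        if have is None:
            findings.append(f"{key}: not set (sshd default is not '{want}'; allows {why})")
        elif have.lower() != want:
            findings.append(f"{key}: is '{have}', want '{want}' (allows {why})")
    if "allowusers" not in settings:
        findings.append("allowusers: not set (every account with a shell may log in)")
    return findings


if __name__ == "__main__":
    cfg = parse_sshd_config(SAMPLE_CONFIG)
    print("sshd will listen on port", listen_port(cfg))
    for finding in audit(cfg) or ["all hardening checks passed"]:
        print(" -", finding)
```

Running this against the real file (`parse_sshd_config(open("/etc/ssh/sshd_config").read())`) shows what the file says; to see what the running daemon will actually use, feed it the output of `sshd -T`, which prints the effective configuration in the same lower-case keyword/value form. Comparing the two is the quickest way to settle the "connection refused" question from the thread: if `sshd -T` still reports port 22 after the edit, the daemon was never restarted or is reading a different file, and no amount of regenerating keys on the client side will help.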